HP CIFS Server Administrator's Guide (5900-1282, April 2011)

ManualsBrandsHP ManualsSoftwareHP-UX Common Internet File System (CIFS) Client/Server Software

111

112

113

114

115

116

117

118

119

120

Kerberos v5 Client D.1.6.2 or later or HP-UX 11i v2◦

◦ Kerberos v5 Client E.1.6.2 or later on HP-UX 11i v3

• Service Pack 1 is recommended for Windows 2003, and required for inter-operation with

Kerberos v5 Client D.1.6.2 or later on HP-UX 11i v2 or Kerberos v5 Client E.1.6.2 or later

on HP-UX 11i v3.

• HP-UX LDAP-UX Integration product

• Windows 2000, Windows 2003, or Windows 2008 Server domain.

• Windows 2000 or Windows XP Client

Configuring krb5.keytab

Here are the required components to configure HP CIFS Server with HP-UX Internet Services

co-existence:

• Kerberos v5 Client D.1.6.2 or later on HP-UX 11i v2 or Kerberos v5 Client E.1.6.2 or later

on HP-UX 11i v3.

• /etc/krb5.conf file

• /etc/opt/samba/smb.conf file

• /etc/krb5.keytab file

• net ads keytab create command

The first task is to configure HP CIFS Server for Kerberos authentication and join it to a Windows

domain.

Use the following steps to generate a valid keytab file and to configure an HP CIFS Server to access

the keytab file:

1. Add the default_keytab_name parameter with the FILE attribute in the /etc/krb5.conf

file. The Kerberos v5 Client D.1.6.2 or later on HP-UX 11i v2 or Kerberos v5 Client E.1.6.2

or later on HP-UX 11i v3 is required for the FILE attribute.

An example of /etc/krb5.conf for HP CIFS Server keytab creation is as follows:

# Kerberos configuration

[libdefaults]

default_realm = MYREALM.HP.COM

default_tkt_enctypes = DES-CBC-MD5

default_tgs_enctypes = DES-CBC-MD5

default_keytab_name = "FILE:/etc/krb5.keytab"

[realms]

MYREALM.HP.COM = {

kdc = HPWIN2K4.MYREALM.HP.COM:88

admin_server = HPWIN2K4.MYREALM.HP.COM

}

[domain_realm]

.hp.com = MYREALM.HP.COM

[logging]

kdc = FILE:/var/log/krb5kdc.log

admin_server = FILE:/var/log/kadmin.log

default = FILE:/var/log/krb5lib.log

2. Run the net ads keytab create -U administrator command to generate an

/etc/krb5.keytab file.

3. To configure the HP CIFS Server to read /etc/krb5.keytab, set the use kerberos

keytab parameter in /etc/opt/samba/smb.conf to yes.

An example of /etc/opt/samba/smb.conf is as follows:

HP-UX Kerberos Application Co-existence 111